NIT-994 pipeline for installing helm charts #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: helm-releases | |
on: | |
push: | |
branches: [NIT-994-alfresco-pipeline-for-deployments-helm, main] | |
# Ecluding path as they are specifig to building Share container image | |
paths-ignore: | |
- 'docker-files/Dockerfile-share' | |
- '.github/workflows/cloud-platform-build-push-share.yml' | |
workflow_dispatch: | |
jobs: | |
poc-deployment-job: | |
# Get this GitHub environment populated with action secrets by raising a CP pull request. See docs at: | |
# https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount?tab=readme-ov-file#input_github_environments | |
environment: poc | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
steps: | |
- name: Checkout current repo | |
uses: actions/checkout@v3 | |
- name: Configure aws credentials for ECR | |
uses: aws-actions/[email protected] | |
with: | |
role-to-assume: ${{ secrets.SHARE_ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.SHARE_ECR_REGION }} | |
- name: ECR login | |
uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- name: Alfresco Enterprise image repository login | |
run: docker login quay.io -u ${{ secrets.ALFRESCO_QUAY_IO_USERNAME }} -p ${{ secrets.ALFRESCO_QUAY_IO_PASSWORD }} | |
- name: Install Kubernetes | |
uses: azure/[email protected] | |
with: | |
version: 'v1.26.0' # default is latest stable | |
id: kubectl_install | |
- name: Install Helm | |
uses: azure/[email protected] | |
with: | |
version: 'v3.9.0' | |
id: helm_install | |
- name: PoC deployment | |
env: | |
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }} | |
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }} | |
working-directory: ./alfresco-content-services | |
run: | | |
# See this link how github action secrets are created: https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount | |
# See this example on how to use github secrets: https://github.com/ministryofjustice/cloud-platform-example-application/blob/main/.github/workflows/deploy.yml#L38 | |
echo "${{ secrets.KUBE_CERT }}" > ca.crt | |
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }} | |
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
kubectl config use-context ${KUBE_CLUSTER} | |
# For Alfresco, a k8s namespace will be an environment | |
kubectl config set-context --current --namespace=${KUBE_NAMESPACE} | |
kubectl get all | |
# Helm will not deploy unless this secret is present. Create a new one if one does not already exist from env section | |
export SECRET = $(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) 2> /dev/null | |
# if [ -z ${SECRET} ] | |
# then | |
# export SECRET=$(openssl rand -base64 20) | |
# fi | |
# # Upgrad an existing release or create a new one if one does not exist | |
# export BUCKET_NAME = $(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.bucket_name}' | base64 -d)) | |
# helm upgrade --install alfresco-content-services . --values=./values.yaml \ | |
# --set s3connector.config.bucketName=$BUCKET_NAME \ | |
# --set global.tracking.sharedsecret=$SECRET |